package com.woniuxy.hotel.filter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;

public class RoleFilter extends AuthorizationFilter {
	@Override
	protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)
			throws Exception {
		System.out.println(mappedValue);
		// 1.获取 subject
		Subject subject = getSubject(request, response); // 父类方法
		// 2.获取到用户设置的角色值 /jsp/allStudent.jsp = roles[superadmin,admin] 中括号中的值
		String[] roles = (String[]) mappedValue;
		// 3.判断当前 roles 是否为 null
		if (roles == null || roles.length == 0) {
			return true;
		}
		for (String role : roles) {
			if (subject.hasRole(role)) {
				return true;
			}
		}
		return false;
	}
}